Full CISA KEV catalog

Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.

Showing 91–120 of 667 CVEs · Page 4 of 23 30 per page
Added CVE Vendor / Product Name & description CVSS EPSS
Mar 11, 2025 CVE-2025-24993 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability
Microsoft Windows New Technology File System (NTFS) contains a heap-based buffer overflow vulnerability that allows an unauthorized attacker to execute code locally.
2.5%
Mar 11, 2025 CVE-2025-26633
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability
Microsoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorized attacker to bypass a security feature locally.
45.3%
Mar 3, 2025 CVE-2018-8639
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability
Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully ex…
33.2%
Feb 25, 2025 CVE-2024-49035 Microsoft Partner Center
endpoint m365 smb essential
Microsoft Partner Center Improper Access Control Vulnerability
Microsoft Partner Center contains an improper access control vulnerability that allows an attacker to escalate privileges.
6.2%
Feb 24, 2025 CVE-2017-3066 Adobe ColdFusion
smb essential
Adobe ColdFusion Deserialization Vulnerability
Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution.
93.7%
Feb 21, 2025 CVE-2025-24989 Microsoft Power Pages
endpoint m365 smb essential
Microsoft Power Pages Improper Access Control Vulnerability
Microsoft Power Pages contains an improper access control vulnerability that allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user re…
31.6%
Feb 12, 2025 CVE-2025-24200 Apple iOS and iPadOS
endpoint mobile smb essential
Apple iOS and iPadOS Incorrect Authorization Vulnerability
Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device.
48.4%
Feb 11, 2025 CVE-2025-21391 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Storage Link Following Vulnerability
Microsoft Windows Storage contains a link following vulnerability that could allow for privilege escalation. This vulnerability could allow an attacker to delete data including da…
4.7%
Feb 11, 2025 CVE-2025-21418 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability
Microsoft Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow vulnerability that allows for privilege escalation, enabling a local attacker to gain…
10.3%
Feb 6, 2025 CVE-2024-21413 Microsoft Office Outlook
endpoint m365 smb essential
Microsoft Outlook Improper Input Validation Vulnerability
Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful exploitation of this vulnerability would allow an attacker …
93.0%
Feb 4, 2025 CVE-2024-29059 Microsoft .NET Framework
endpoint m365 smb essential
Microsoft .NET Framework Information Disclosure Vulnerability
Microsoft .NET Framework contains an information disclosure vulnerability that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution.
93.6%
Jan 29, 2025 CVE-2025-24085 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Use-After-Free Vulnerability
Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges.
13.1%
Jan 14, 2025 CVE-2025-21333 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability
Microsoft Windows Hyper-V NT Kernel Integration VSP contains a heap-based buffer overflow vulnerability that allows a local attacker to gain SYSTEM privileges.
79.2%
Jan 14, 2025 CVE-2025-21334 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability
Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges.
5.8%
Jan 14, 2025 CVE-2025-21335 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability
Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges.
7.7%
Dec 16, 2024 CVE-2024-20767 Adobe ColdFusion
smb essential
Adobe ColdFusion Improper Access Control Vulnerability
Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel.
94.1%
Dec 16, 2024 CVE-2024-35250 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability
Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges.
54.9%
Dec 10, 2024 CVE-2024-49138 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges.
87.0%
Nov 21, 2024 CVE-2024-44308 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Code Execution Vulnerability
Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution.
1.0%
Nov 21, 2024 CVE-2024-44309 Apple Multiple Products
endpoint mobile smb essential
Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability
Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting (XSS) attac…
0.9%
Nov 12, 2024 CVE-2021-26086 Atlassian Jira Server and Data Center
enterprise smb essential
Atlassian Jira Server and Data Center Path Traversal Vulnerability
Atlassian Jira Server and Data Center contain a path traversal vulnerability that allows a remote attacker to read particular files in the /WEB-INF/web.xml endpoint.
94.2%
Nov 12, 2024 CVE-2024-43451 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability
Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash to an attacker via a file open operation. The attacker could …
90.3%
Nov 12, 2024 CVE-2024-49039
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Task Scheduler Privilege Escalation Vulnerability
Microsoft Windows Task Scheduler contains a privilege escalation vulnerability that can allow an attacker-provided, local application to escalate privileges outside of its AppCont…
65.0%
Oct 22, 2024 CVE-2024-38094
Ransomware
Microsoft SharePoint
endpoint m365 smb essential
Microsoft SharePoint Deserialization Vulnerability
Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution.
70.3%
Oct 15, 2024 CVE-2024-30088
Ransomware
Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Kernel TOCTOU Race Condition Vulnerability
Microsoft Windows Kernel contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that could allow for privilege escalation.
88.1%
Oct 15, 2024 CVE-2024-9680
Ransomware
Mozilla Firefox
browser smb essential
Mozilla Firefox Use-After-Free Vulnerability
Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code execution in the content process.
30.8%
Oct 8, 2024 CVE-2024-43572 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows Management Console Remote Code Execution Vulnerability
Microsoft Windows Management Console contains unspecified vulnerability that allows for remote code execution.
52.2%
Oct 8, 2024 CVE-2024-43573 Microsoft Windows
endpoint m365 smb essential
Microsoft Windows MSHTML Platform Spoofing Vulnerability
Microsoft Windows MSHTML Platform contains an unspecified spoofing vulnerability which can lead to a loss of confidentiality.
17.7%
Sep 18, 2024 CVE-2020-0618 Microsoft SQL Server
database endpoint m365 smb essential
Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability
Microsoft SQL Server Reporting Services contains a deserialization vulnerability when handling page requests incorrectly. An authenticated attacker can exploit this vulnerability …
94.2%
Sep 17, 2024 CVE-2013-0643 Adobe Flash Player
smb essential
Adobe Flash Player Incorrect Default Permissions Vulnerability
Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content.
58.6%

Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.